[PATCH v2 0/3] virtiofs: hiprio FORGET robustness and no-reply request completion
From: Li Wang
Date: Thu Apr 02 2026 - 06:45:38 EST
This series fixes virtiofs completion for FUSE requests that do not use a
reply descriptor, tightens hiprio FORGET handling when virtqueue submission
fails transiently, and prevents the hiprio worker from stalling when one
FORGET must be dropped after an unrecoverable error.
The first patch addresses correctness: completing a no-reply request must
not interpret the reply header fields, otherwise it will cause underflow,
and the bounce buffer allocated for the absent out header must be freed.
The host may complete virtio requests without an out descriptor (e.g.
FUSE_FORGET). The completion path must not run copy_args_from_argbuf(),
which expects a valid fuse_out_header from the reply path. This series also
ensures virtio_fs_verify_response() runs only for real replies (FR_ISREPLY),
and frees req->argbuf on the no-reply path to avoid a per-request leak.
Changes since v1
------------------------------
Patch 1: v1 only guarded copy_args_from_argbuf() with FR_ISREPLY. v2 also
kfree(req->argbuf) when !FR_ISREPLY (the buffer was allocated in
copy_args_to_argbuf for an out header that never arrives), and gates
virtio_fs_verify_response() in virtio_fs_requests_done_work() on FR_ISREPLY
so uninitialized fuse_out_header is never verified.
Patch 2: behavior matches v1. The commit message is expanded to explain
transient GFP_ATOMIC exhaustion and why dropping the FORGET would skew
nlookup and leak kernel state.
Patch 3: behavior matches v1. The commit message documents the
return-value contract with virtio_fs_hiprio_dispatch_work() and the stall
risk on the nonzero path.
Commit messages were rewritten for clearer rationale.
Li Wang (3):
virtiofs: Complete no-reply virtio requests without parsing the out
header
virtiofs: Retry hiprio FORGET when virtqueue_add_outbuf() returns
-ENOMEM
virtiofs: Do not stall hiprio FORGET dispatch after dropping one
request
fs/fuse/virtio_fs.c | 37 +++++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
--
2.34.1